The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company's vast database of phone records, which includes Americans' international calls, according to government officials.

This is all purely voluntary ($10mil of greased palms/wheels notwithstanding), hence the lack of court orders or subpoenas. Oddly enough, this voluntary system actually protects the privacy of Americans much better than the "legal" Section 215 collections.

The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said…

Because the C.I.A. is prohibited from spying on the domestic activities of Americans, the agency imposes privacy safeguards on the program, said the officials, speaking on the condition of anonymity because it is classified. Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity of the Americans and “masks” several digits of their phone numbers, the officials said.

Of course, these "masked" records can be very simply unmasked by "tipping" them to other agencies, like the FBI, which then acquires a subpoena/court order to "unmask" the records. This just goes to show that these agencies can cooperate, as long as its in the interest of furthering domestic surveillance.

Ultimately though, this news isn't surprising. Phone companies have been collecting government paychecks in exchange for data for a very long time. True, the telcos don't want to appear as though they're selling Americans' data for cash, but that's exactly what's happening. The CIA's primary focus is foreign surveillance and, thanks to AT&T, there's some minimization in place to keep the agency focused on its purview.

More interesting, however, is how this news affects General Alexander's "generous" offer to store data at a "neutral site" in order to alleviate privacy concerns. As was noted back when he made this offer, American telcos are hardly "neutral sites" given their history of swiftly coughing up anything requested with a minimum of pushback.

So, AT&T (and Verizon, etc.) are not "neutral" in any true sense of the word, but at least storing the data there would put the NSA in the position of having to bring its selectors to a third party before accessing stored records, rather than just having them conveniently available (and exploitable) in its own storage for an indefinite period of time. This would trim down the "accidental" abuse that has been displayed by the agency in the past.

More recently, ODNI lawyer Robert Litt (along with the FBI's general counsel) suggested storing data with the originators would lead to less privacy. Given what we know about the CIA's paid data plans, he might be correct, even if his motives for making that claim were completely disingenuous.

It would introduce extra steps, but it appears as though there would be a way to "tip" domestic data to the NSA by simply using the process it uses with the FBI. Restrictions on both the NSA and CIA are meant to minimize the amount of unrelated domestic metadata they have access to. The CIA's restrictions are harsher than the NSA's, but the CIA can still grab and let the NSA wrangle the paperwork needed to unmask numbers. Or vice versa. The NSA can access its on-site metadata stores (with unmasked numbers) and tip domestic call data back to the CIA.

Both of these scenarios are unlikely, but storing the data at AT&T seems to offer very minimal privacy advantages over storing it in the NSA's data centers. At best, this creates some mild speed bumps for the agency to deal with in exchange for a small amount of "peace of mind" privacy-wise. Most telcos have seemed even less interested protecting Americans' privacy than the inquiring agencies themselves. As you'll recall, AT&T went out of its way to perform phone record queries for the FBI for agents armed with nothing more legally binding than a Post-It note.

The other thing to note is that this is another bit of evidence that undercuts the telcos' repeated assurance that they "value their customers' privacy." This sentence is usually followed directly by defensive wording about "complying" with "applicable laws" -- which actually means "complying with intelligence agencies." There's very little true concern on display and little to no evidence AT&T (and Verizon) have ever made any serious attempt to push back on government requests.

Reader Comments

Think of the children.

So let me get this straight, our government is always broke and having to do budget cuts in areas such as education, national defense,and different healthcare ooptions. But one agency has no issues spending millions a year for information that another government agency has already spent tons of cash to have complete access to. Why can't the wrong hand talk to the left hand and save some cash for programs that will help. Like feeding the children, helping the needy or creating a large monument in aappreciation for our great leader who shows everyone that once in office you have no accountability to do the things promised to get elected.

That's 1 percenter data

Funny isn't it, that the NSA is really targetting rich jetsetter Americans. Because the Joe sixpack don't make international calls.

This is 1 percenters that are being spied on here. Businessmen, jetsetters, people who travel abroad on holiday a lot.

Go ahead 1 percenters, support Fox News and promote this agenda to make American safe... from you. Because you apparently are a threat to America.

Nice to know isn't it, that your data goes into the big database and not Joe Sixpacks in this case!

Ha ha! Delicious irony! Ha ha!

Kind of bizarre/sad that they have a filter list of terrorists, that they're searching for, and instead of the law protecting privacy and only letting NSA get data related to its terrorist list, it just gets *all* the data. It even gets to store that data.

These amounts are so small among billions...

that to me seems like PR to establish the notion that is only a few -- just the 1 percenters posited above -- and so no need for much worry. Baloney.

We don't actually KNOW, people. When you don't have any way to verfiy, never trust anything specific, but take the mere mention as indicating a limited hangout psyop. They wouldn't release this at all if weren't to their advantage. This is just a (suspiciously) nice round number put out without least proof; the only sources that could confirm or disprove are the co-conspirators. -- Besides that, could be payoffs directly to executives / sysadmins for unlimited "direct" access.

Re:

Reason for lack of competition

Maybe one reason our gov isn't pushing for REAL competition in the communication areas, is because it's easier to get cooperation from a small handful of phone and cable companies than it would be if we had dozens of options.

Real competition in the phone/cable(isp) area may not solve the problem but it would at least make it more likely we'd find out about abuses.

Re:

Why 3 years? I'd prefer restricting them to only storing the data that is needed for them to function, and only for exactly as long as it is needed for that purpose. It's hard to see how that duration would be much longer than a single billing cycle.

Re: Re:

Let them store it as long as they want. Just prohibit government from paying for it. Money is all companies like AT&T care about. The minute the government stops paying them. They will probably stop being so eager to give it.

Re: Re: Re:

Also, even if they never give the government any of my data, I don't want companies holding onto it for longer than they need as a matter of principle. They'll certainly sell it or share it with other companies.